testing v4

[ugly]

If , during install, I choose to perform program component update I get nothing in the next window.



If I use advanced heuristics for real-time protection but without AH on execution when I try to run an application I get 100% CPU for a long time and an frozen PC.







With AH disabled for real-time protection everything is OK.
I did not get this with v3 even if I had enabled AH in real-time.

[Marcos]

Quote:

With AH disabled for real-time protection everything is OK.
I did not get this with v3 even if I had enabled AH in real-time.

Maybe the application copies some files which are then scanned by AH. You could check this using Process monitor.

[ugly]

All I wanted to point is that I don't have the same behavior with v3 cofigured like here when starting different applications. So , if nothing changed much in v4 , something is wrong.

[ESS3]

It, likely, a file or a virus processed: Protector, Crypter, packed.

=>Statistics=>antivirus and antisryware protection: we look often appearing, a file.

We delete a file, if it not the good.

I processed a file :
Protector, Crypter, packed, for concealment maiware, and is very frequent on such files, terrible brakes, but mine CPU to load and on 50 % it will not turn out


Excuse, I use the automatic translator. It can be not clear.

I from Moscow.

[ugly]

Is ESET aware that it has problemes with AH in real-time and launching some aplications ( not only with wmp11- yes...a windows element...very important -resolved in another thread) ?

[funkydude]

It's with the way specific files are packed, the best thing is to find the files and report the problem to ESET. That improves things for everyone. Remember for all it's worth advanced heuristics is really a "beta" module, being off by default. I was patient enough to find out the file causing my problem, they fixed it and I've never had problems since. It's also nice knowing you've fixed the problem for potentially thousands of other users. Unfortunately some people don't have the time/experience to find the file causing the problem.

[ugly]

Quote:

Originally Posted by ugly

If I use advanced heuristics for real-time protection but without AH on execution when I try to run an application I get 100% CPU for a long time and an frozen PC.


Attachment 204958

Attachment 204957


With AH disabled for real-time protection everything is OK.
I did not get this with v3 even if I had enabled AH in real-time.

All this happened trying to lunch Advanced Uninstaller Pro 9.1 on XP Pro. SP3 with real-time AH enabled.
Can't say the scanner stops on a certain file for a long time. Just a frozen PC for a while ......

[funkydude]

Without AH on execution doesn't fix anything if it's on in real time. Advice has been given on how to try solve the problem. It's something only you can do.

[ugly]

Quote:

Originally Posted by funkydude

It's something only you can do.

I don't think so.
I've installed on my machine and reported something wrong.
ESET should do anything they have to and resolve their product bug.

[funkydude]

They can't resolve a product bug if you don't help them. Sorry, but so far you have provided 0 useful information.

[Marcos]

We're not aware of any bug re. advanced heuristics. Of course, enabling it on access may cause delays when running certain applications, that's why a warning is displayed when the user attempts to activate this feature. In the case of widely used and popular applications, we can whitelist them directly in the engine, otherwise you can exclude such application from scanning or disable AH on file access/execution.

[ugly]

Quote:

Originally Posted by Marcos

We're not aware of any bug re. advanced heuristics. Of course, enabling it on access may cause delays when running certain applications, that's why a warning is displayed when the user attempts to activate this feature. In the case of widely used and popular applications, we can whitelist them directly in the engine, otherwise you can exclude such application from scanning or disable AH on file access/execution.

Thank you for your answer.
I'll put that on exclusion.

[ugly]

When web antivirus founds something nasty you get not 1 warning pop up but 5.
IMO this is very annoying. This behavior is present both in V3 and V4.(if I remember well , when beta-testing v3 ,Marco's answer was the browser is trying to download that multiple times so you will get multiple warnings)
But......with any other product I've used (kas.,avira,norton..) will have just one warning and ,of course, a terminated connection. I think this the right way to do it.
Maybe something like in NOD32 when IMON gives you a nice red warning in the page and that was all.

[funkydude]

Could you provide screenshots? I've only ever had 1 warning (the small non-intrusive window at the corner of the screen that appears for a few sec)

[wrathchild]

Quote:

Originally Posted by ugly

When web antivirus founds something nasty you get not 1 warning pop up but 5.

Same here...exactly 5 popups (tried with eicar test file)

Quote:

Originally Posted by funkydude

Could you provide screenshots?

maybe movie clip but screenshot hardly

[Marcos]

Quote:

Originally Posted by ugly

with any other product I've used (kas.,avira,norton..) will have just one warning and ,of course, a terminated connection. I think this the right way to do it.
Maybe something like in NOD32 when IMON gives you a nice red warning in the page and that was all.

This should happen if you switch the browser to active mode. In such case, the browser doesn't receive individual packets, but the whole file at once. If the last packet is blocked, the browser tries to download it again several times.

[wrathchild]

Quote:

Originally Posted by Marcos

This should happen if you switch the browser to active mode.

No active mode.

[Marcos]

I've just tried to download eicar with Opera. With Opera set to active mode, an alert html page was displayed and an alert bubble appeared only once. When set to passive mode, I got several warnings as Opera was trying to download the last missing packet several times.

[ugly]

Quote:

Originally Posted by Marcos

I've just tried to download eicar with Opera. With Opera set to active mode, an alert html page was displayed and an alert bubble appeared only once. When set to passive mode, I got several warnings as Opera was trying to download the last missing packet several times.

You are right. If the browser is in active mode you get one alert bubble and a warning red page. But the active mode do impact the browsing speed.
For me the ideal it seems to be one warning in passive mode but that ,I presume, it is not possible.
Thank you again!

[funkydude]

So this is limited to Opera?

[Marcos]

Quote:

Originally Posted by funkydude

So this is limited to Opera?

The same holds true for any browser that attempts several times to complete download if the last packet is blocked by Eset's products.

[wrathchild]

@Marcos
Is there a possibility for implementing some sort of anti flood for pop-up messages?

[funkydude]

Quote:

Originally Posted by Marcos

The same holds true for any browser that attempts several times to complete download if the last packet is blocked by Eset's products.

So what's the plan now?

[ugly]

After uninstall "ESET Antispam" folder remain in Outlook Express and I have to manually delete it.

[ugly]

After reinstall ekrn.exe gives me a 100% CPU with no obvious reason.
Restarting solved the problem.